Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Friday, February 21, 2025. I'm Steve Prentiss.

Minerals company loses $500,000 to BEC scam. NioCorp Developments, that is spelled N-I-O-C-O-R-P, is a company that operates a minerals project in southeastern Nebraska focusing on the production of niobium, scandium and titanium, and has alerted regulators to a break-in that occurred on February 14. Threat actors allegedly broke into its information systems, including portions of its email systems, and misdirected a half million dollars intended to be sent to a vendor. The company is taking steps to remediate the incident, of course, and to search for any additional damage.

Australian IVF provider investigating cyber incident. The fertility services provider Genea confirmed on Wednesday that an unauthorized third party had accessed its systems, but said it was still determining whether personal information had been compromised. It did not specify the nature of the cyber attack or the identity of those responsible. Genea, which operates multiple IVF clinics across Australia, said it had taken some systems and servers offline as a precaution and was working to restore them while the investigation continued. The company's app, which allows patients to track their fertility cycles and access medical data, was also unavailable following the incident.

SEC replaces cryptocurrency fraud unit with emerging tech team. The Securities and Exchange Commission announced yesterday, Thursday, that their Crypto Assets and Cyber Unit will be replaced by a smaller team that will focus on cyber-related misconduct affecting investors. This new team, the Cyber and Emerging Technologies Unit, CETU, will combat fraud committed through means such as artificial intelligence, social media, the dark web, blockchain technology, hacking and account takeovers. End quote.

Job ads target freelance developers via GitHub. We have seen this type of attack technique before.
This most recent one targets freelance developers using deceptive job ads to get victims to download malicious software disguised as legitimate tools. This campaign is primarily using GitHub repositories. As usual, the attackers pose as reputable companies offering attractive gigs, including using fake websites. Researchers at security company ESET have attributed this campaign to a North Korea-linked threat actor that they call DeceptiveDevelopment.

Thanks to today's episode's sponsor, Scrut Automation. Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or to learn more. That is www.scrut.io.

NailaoLocker ransomware targets European healthcare-related entities. Researchers from Orange Cyberdefense made the discovery back in late 2024 and said that the threat actors are using ShadowPad, PlugX and the previously undocumented NailaoLocker ransomware. The researchers believe this campaign makes use of a zero-day in Check Point security gateways with a remote access VPN or mobile access feature. They state further that this campaign aligns with Chinese intrusion tactics such as DLL sideloading, suggesting that this may be the work of China-linked APTs, but they added that there is currently insufficient evidence to confirm this.

Microsoft working on fix for Windows 11 SSH connections bug. Following up on a story we covered last November, Microsoft is now testing a fix for an issue that has been around since November, which is breaking SSH connections on some Windows 11, 20H2 and 23H2 systems. This fix has been included in the Windows 11 build 26100, available on its Release Preview channel.
When the problem first emerged, Microsoft said that only a limited number of devices running Windows 11 Enterprise, IoT and Education editions were affected, but it is now investigating whether consumer customers using Windows 11 Home or Pro editions may also be at risk.

Insight Partners discloses security breach. Representatives from the tech sector venture capital firm said the attack was detected on January 16th of this year. According to the company, threat actors used a sophisticated social engineering technique to gain access to its infrastructure. End quote. They believe the attacker was ejected that same day. They also added that the incident did not impact its operations, with no evidence of the threat actor's presence after January 16th, and adding no significant impact on portfolio companies, funds or stakeholders is anticipated. End quote.

Amazon shuts its Android App Store and Coins currency. Citing greater popularity within its own Amazon App Store, the company says it will discontinue its App Store for Android on August 20th of this year, and on the same day it will also be discontinuing the Amazon Coins program. The company said it will refund any coins that users hold as of August 20th and added that only a small number of customers use the App Store outside of Amazon devices. End quote.

We've got a busy Friday of live streams today. It starts at 1pm with Super Cyber Friday, where the topic will be Hacking Metrics that Matter, an hour of critical thinking about finding what you need to measure to improve your security program. Then at 3:30pm Eastern, we have our Week in Review show. TC Ned Ziolkowski will be our guest, providing his expert commentary on the news of the week. To join us for both, head on over to the events page at cisoseries.com. I'm Steve Prentiss reporting for the CISO Series.
